petevannuys
Posted October 21, 2010

Any advice will be appreciated...

1.) have I done these things correctly?

I have newly installed the osC2.2 RC2. w/ no items uploaded. I have

* removed admin/filemanager.php
* removed admin/define language.php
* renamed admin to "Bob"
* passworded Bob using the Password Protect in cPanel, and have .htaccess file therein
* changed the following lines in Bob/includes/configure.php, thusly:

  define('DIR_WS_ADMIN', '/Bob/');
  define('DIR_FS_ADMIN', '/your/path/to/directory/Bob/');

Now I can't login to ..../catalog/Bob. I get a .../catalog/admin/login.php?osCAdminID=8v0kt3siu0r55dearvrd900m86 which I infer means I'm close but not really there. If I keep entering I just get a 404. I made all these changes in cPanel's File Manager.

2.) will these changes prevent the current nasty hacks going around?

Thanks for your time and insight.

mdtaylorlrim
Posted October 21, 2010

> define('DIR_WS_ADMIN', '/Bob/');

If this line exists:

  define('DIR_WS_CATALOG', '/catalog/');

then this line should be:

  define('DIR_WS_ADMIN', '/catalog/Bob/');

But you may have installed in /root/ and not in /catalog/ in which case I would say try a reload or clear cookies.

The question I have is, do you get the directory security log in and do you pass that only to get the 404 or do you get the 404 without ever reaching the directory security?

Edit: Looking back I see you did install into a /catalog/ directory. Use the define above with the /catalog/Bob in it, and remember that *nix is case sensitive. Bob is not the same as bob.

Community Bootstrap Edition, Edge
Avoid the most asked question. See How to Secure My Site and How do I...?

Wayne Weedon
Posted October 21, 2010

> Any advice will be appreciated...
>
> 1.) have I done these things correctly?
>
> I have newly installed the osC2.2 RC2. w/ no items uploaded. I have
>
> * removed admin/filemanager.php
> * removed admin/define language.php
> * renamed admin to "Bob"
> * passworded Bob using the Password Protect in cPanel, and have .htaccess file therein
> * changed the following lines in Bob/includes/configure.php, thusly:
>
>   define('DIR_WS_ADMIN', '/Bob/');
>   define('DIR_FS_ADMIN', '/your/path/to/directory/Bob/');
>
> Now I can't login to ..../catalog/Bob. I get a .../catalog/admin/login.php?osCAdminID=8v0kt3siu0r55dearvrd900m86 which I infer means I'm close but not really there. If I keep entering I just get a 404. I made all these changes in cPanel's File Manager.
>
> 2.) will these changes prevent the current nasty hacks going around?
>
> Thanks for your time and insight.

Is DIR_FS_ADMIN set to the full server path to your admin directory?

I hope "Bob" is just figurative ;) You don't really want to be openly disclosing your admin dir's name anywhere.

Mort-lemur
Posted October 21, 2010

> 2.) will these changes prevent the current nasty hacks going around?

Some of them. There are other security "enhancements" such as anti XSS, .htaccess in images directory, Sams Anti Hacker Account Mods, PHP IDS to name but a few - I suggest reading and digesting the pinned security thread.

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

petevannuys (Author)
Posted October 21, 2010

1.) reason for not being able to log in (file under "Doh!"): includes/config.php permissions were set to 444, i.e. read only. So changes weren't being saved. Support at BlueHost said change it to 644, make my edit, and quick change it back. I did and it worked. And I learned something in the process (Yaaaaa!)

2.) Yes, "Bob" is just a pseudonym, thanks for asking.

3.) @ Mort-lemur:

> ...I suggest reading and digesting the pinned security thread.

I see several threads, actually. Since my empty site has only been up two days now, I'm hoping it's not infected. So I'm ignoring advice about searching for and deleting hinky code. Besides, I wouldn't recognize hinky code if I saw it.

I guess it's like locking a bicycle. You can't keep someone from stealing it; you just want to make it hard enough that the thief steals someone else's.

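
Added example, not part of any post in this thread: a small Python check over the admin configure.php covering the points raised above (DIR_WS_ADMIN under DIR_WS_CATALOG, DIR_FS_ADMIN matching it case-sensitively, the file back at 444 after editing, and the removed scripts staying removed). The function names and sample input are constructed for this example, and the rule that the server path ends with the web path is an assumption; define_language.php is the file name as shipped with osCommerce 2.2.

```python
import re

# Matches simple define('NAME', 'value'); lines as found in configure.php.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

# Admin scripts the original poster removed as part of hardening.
REMOVED_SCRIPTS = {"filemanager.php", "define_language.php"}


def parse_defines(php_source):
    """Return {NAME: value} for every simple define() in the source."""
    return dict(DEFINE_RE.findall(php_source))


def check_admin_config(php_source, file_mode=None, admin_files=()):
    """Return a list of problems; an empty list means every check passed."""
    d = parse_defines(php_source)
    ws_catalog = d.get("DIR_WS_CATALOG", "")
    ws_admin = d.get("DIR_WS_ADMIN", "")
    fs_admin = d.get("DIR_FS_ADMIN", "")
    problems = []
    # The admin web path must sit below the catalog web path.
    if ws_catalog and not ws_admin.startswith(ws_catalog):
        problems.append("DIR_WS_ADMIN is not under DIR_WS_CATALOG")
    # Assumption: the server path ends with the web path. The comparison is
    # case-sensitive, so 'bob' and 'Bob' do not match.
    if not ws_admin or not fs_admin.endswith(ws_admin):
        problems.append("DIR_FS_ADMIN does not end with DIR_WS_ADMIN")
    # At rest the file should carry no write bits (444, not 644).
    if file_mode is not None and file_mode & 0o222:
        problems.append("configure.php is writable; set it back to 444")
    for name in sorted(REMOVED_SCRIPTS.intersection(admin_files)):
        problems.append(name + " is still present in the admin directory")
    return problems


# Constructed sample input, built from the defines quoted in the thread.
AS_POSTED = """
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_WS_ADMIN', '/Bob/');
define('DIR_FS_ADMIN', '/your/path/to/directory/Bob/');
"""
CORRECTED = """
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_WS_ADMIN', '/catalog/Bob/');
define('DIR_FS_ADMIN', '/your/path/to/directory/catalog/Bob/');
"""

if __name__ == "__main__":
    print(check_admin_config(AS_POSTED, file_mode=0o644))
    print(check_admin_config(CORRECTED, file_mode=0o444))
```
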
mdtaylorlrim
Posted October 21, 2010

> I guess it's like locking a bicycle. You can't keep someone from stealing it; you just want to make it hard enough that the thief steals someone else's.

It's more like.... if you are going to paint your bicycle and let it dry for two or three days then do it locked up in the garage and not out on the street.

(Translation: Put a directory security password on your site while you are working on it. Only open it up to the public when you have most or all the security mods completed.)

This topic is now archived and is closed to further replies.